Improve Windows Update reporting
In the last year, I create a PowerShell script that improved the overall admin experience of Windows Update for Business. You can find the post here.
Now, I worked on improving the report functionality. For this I added several registry keys to track and provide the right installation status.
Under the WindowsUpdate key, there are now two different keys added.
The status will provide an overall patch status of the system
Will show the current installation of all installable or already installed updates – together with the installation time.
This is the “Status” key:
Description of the provided registry keys:
- Installed KBs:
All KBs that are installed – take a look at this post to review how the installation gets detected.
- Last Update Scan:
Last time the script was executed – independent of any update download or installation.
- Open Pending Updates:
True or False – If the device is not fully patched, the value will be true.
- Pending Definition Updates
Count of the current Definition Updates that are not installed
- Pending Feature Updates
Count of the current Feature Updates that are not installed
- Pending Security Updates
Count of the current Security Updates that are not installed
- Pending Update Rollups
Count of the current Update Rollups that are not installed
- Pending Updates
Count of current Updates that are not installed
- Pending Reboot
True or False – if a reboot is pending, the value will be true
- Total Installed KBs
Count of all installed KBs
- Total Missing Updates
Count of all pending updates
You can access the via Workspace ONE Sensors. I created an import script to import all the available sensors. You find the sensors and the import script on GITHUB. I also added the hostname since in Dashboards there is for now (25. January 2022) no option to combine Sensor Data with Workspace ONE UEM data. As resolution I added the hostname to the sensors. With this data you have a better overview of the Windows Update patch status of your environment.
With the data synchronized to Workspace ONE Intelligence we can create nice dashboards like this:
For specific KB’s you can query the registry keys below the
There you’ll find all the installed KB’s and the corresponding installation status.